sun.security.mule.krb5.internal
Class KDCOptions

java.lang.Object
  sun.security.mule.krb5.internal.util.KerberosFlags
      sun.security.mule.krb5.internal.KDCOptions

Direct Known Subclasses:

LoginOptions

public class KDCOptions
extends KerberosFlags

Implements the ASN.1 KDCOptions type.

KDCOptions ::= KerberosFlags -- reserved(0), -- forwardable(1), -- forwarded(2), -- proxiable(3), -- proxy(4), -- allow-postdate(5), -- postdated(6), -- unused7(7), -- renewable(8), -- unused9(9), -- unused10(10), -- opt-hardware-auth(11), -- unused12(12), -- unused13(13), -- 15 is reserved for canonicalize -- unused15(15), -- 26 was unused in 1510 -- disable-transited-check(26), -- renewable-ok(27), -- enc-tkt-in-skey(28), -- renew(30), -- validate(31) KerberosFlags ::= BIT STRING (SIZE (32..MAX)) -- minimum number of bits shall be sent, -- but no fewer than 32

This definition reflects the Network Working Group RFC 4120 specification available at http://www.ietf.org/rfc/rfc4120.txt.

This class appears as data field in the initial request(KRB_AS_REQ) or subsequent request(KRB_TGS_REQ) to the KDC and indicates the flags that the client wants to set on the tickets. The optional bits are:

• KDCOptions.RESERVED
• KDCOptions.FORWARDABLE
• KDCOptions.FORWARDED
• KDCOptions.PROXIABLE
• KDCOptions.PROXY
• KDCOptions.ALLOW_POSTDATE
• KDCOptions.POSTDATED
• KDCOptions.RENEWABLE
• KDCOptions.RENEWABLE_OK
• KDCOptions.ENC_TKT_IN_SKEY
• KDCOptions.RENEW
• KDCOptions.VALIDATE

Various checks must be made before honoring an option. The restrictions on the use of some options are as follows:

1. FORWARDABLE, FORWARDED, PROXIABLE, RENEWABLE options may be set in subsequent request only if the ticket_granting ticket on which it is based has the same options (FORWARDABLE, FORWARDED, PROXIABLE, RENEWABLE) set.
2. ALLOW_POSTDATE may be set in subsequent request only if the ticket-granting ticket on which it is based also has its MAY_POSTDATE flag set.
3. POSTDATED may be set in subsequent request only if the ticket-granting ticket on which it is based also has its MAY_POSTDATE flag set.
4. RENEWABLE or RENEW may be set in subsequent request only if the ticket-granting ticket on which it is based also has its RENEWABLE flag set.
5. POXY may be set in subsequent request only if the ticket-granting ticket on which it is based also has its PROXIABLE flag set, and the address(es) of the host from which the resulting ticket is to be valid should be included in the addresses field of the request.
6. FORWARDED, PROXY, ENC_TKT_IN_SKEY, RENEW, VALIDATE are used only in subsequent requests.

Field Summary

static int	ALLOW_POSTDATE
static int	ENC_TKT_IN_SKEY
static int	FORWARDABLE
static int	FORWARDED
int	KDC_OPT_FORWARDABLE
int	KDC_OPT_PROXIABLE
int	KDC_OPT_RENEWABLE_OK
static int	POSTDATED
static int	PROXIABLE
static int	PROXY
static int	RENEW
static int	RENEWABLE
static int	RENEWABLE_OK
static int	RESERVED
static int	UNUSED10
static int	UNUSED11
static int	UNUSED7
static int	UNUSED9
static int	VALIDATE

Fields inherited from class sun.security.mule.krb5.internal.util.KerberosFlags

BITS_PER_UNIT

Constructor Summary

KDCOptions(boolean[] data)
Constructs a KDCOptions from the specified bit settings.

KDCOptions(byte[] options)
Constructs a KDCOptions from the passed bit settings.

KDCOptions(Config kerberosConfig)

KDCOptions(sun.security.util.DerValue encoding)

KDCOptions(int size, byte[] data)

Method Summary

boolean	get(int option) Gets the value(true/false) for one of the KDCOptions.
static KDCOptions	parse(sun.security.util.DerInputStream data, byte explicitTag, boolean optional) Parse (unmarshal) a KDCOptions from a DER input stream.
void	set(int option, boolean value) Sets the value(true/false) for one of the KDCOptions.

Methods inherited from class sun.security.mule.krb5.internal.util.KerberosFlags

asn1Encode, toBooleanArray, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

KDC_OPT_PROXIABLE

public final int KDC_OPT_PROXIABLE

See Also:

Constant Field Values

KDC_OPT_RENEWABLE_OK

public final int KDC_OPT_RENEWABLE_OK

See Also:

Constant Field Values

KDC_OPT_FORWARDABLE

public final int KDC_OPT_FORWARDABLE

See Also:

Constant Field Values

RESERVED

public static final int RESERVED

See Also:

Constant Field Values

FORWARDABLE

public static final int FORWARDABLE

See Also:

Constant Field Values

FORWARDED

public static final int FORWARDED

See Also:

Constant Field Values

PROXIABLE

public static final int PROXIABLE

See Also:

Constant Field Values

PROXY

public static final int PROXY

See Also:

Constant Field Values

ALLOW_POSTDATE

public static final int ALLOW_POSTDATE

See Also:

Constant Field Values

POSTDATED

public static final int POSTDATED

See Also:

Constant Field Values

UNUSED7

public static final int UNUSED7

See Also:

Constant Field Values

RENEWABLE

public static final int RENEWABLE

See Also:

Constant Field Values

UNUSED9

public static final int UNUSED9

See Also:

Constant Field Values

UNUSED10

public static final int UNUSED10

See Also:

Constant Field Values

UNUSED11

public static final int UNUSED11

See Also:

Constant Field Values

RENEWABLE_OK

public static final int RENEWABLE_OK

See Also:

Constant Field Values

ENC_TKT_IN_SKEY

public static final int ENC_TKT_IN_SKEY

See Also:

Constant Field Values

RENEW

public static final int RENEW

See Also:

Constant Field Values

VALIDATE

public static final int VALIDATE

See Also:

Constant Field Values

Constructor Detail

KDCOptions

public KDCOptions(Config kerberosConfig)

KDCOptions

public KDCOptions(int size,
                  byte[] data)
           throws Asn1Exception

Throws:

Asn1Exception

KDCOptions

public KDCOptions(boolean[] data)
           throws Asn1Exception

Constructs a KDCOptions from the specified bit settings.

Parameters:

data - the bits to be set for the KDCOptions.

Throws:

Asn1Exception - if an error occurs while decoding an ASN1 encoded data.

KDCOptions

public KDCOptions(sun.security.util.DerValue encoding)
           throws Asn1Exception,
                  IOException

Throws:

Asn1Exception

IOException

KDCOptions

public KDCOptions(byte[] options)

Constructs a KDCOptions from the passed bit settings.

Parameters:

options - the bits to be set for the KDCOptions.

Method Detail

parse

public static KDCOptions parse(sun.security.util.DerInputStream data,
                               byte explicitTag,
                               boolean optional)
                        throws Asn1Exception,
                               IOException

Parse (unmarshal) a KDCOptions from a DER input stream. This form parsing might be used when expanding a value which is part of a constructed sequence and uses explicitly tagged type.

Parameters:

data - the Der input stream value, which contains one or more marshaled value.

explicitTag - tag number.

optional - indicate if this data field is optional

Returns:

an instance of KDCOptions.

Throws:

Asn1Exception - if an error occurs while decoding an ASN1 encoded data.

IOException - if an I/O error occurs while reading encoded data.

set

public void set(int option,
                boolean value)
         throws ArrayIndexOutOfBoundsException

Sets the value(true/false) for one of the KDCOptions.

Overrides:

set in class KerberosFlags

Parameters:

option - an option bit.

value - true if the option is selected, false if the option is not selected.

Throws:

ArrayIndexOutOfBoundsException - if array index out of bound occurs.

See Also:

Krb5

get

public boolean get(int option)
            throws ArrayIndexOutOfBoundsException

Gets the value(true/false) for one of the KDCOptions.

Overrides:

get in class KerberosFlags

Parameters:

option - an option bit.

Returns:

value true if the option is selected, false if the option is not selected.

Throws:

ArrayIndexOutOfBoundsException - if array index out of bound occurs.

See Also:

Krb5